Just run the gullet as you would for any Web Application test.
Just poking around, there is at least some forms of XSS in some of the file
name fields when you would be uploading a file.
Hope that helps, as I was a user of the software, not a pen-tester :-)
Shirkdog
http://www.shirkdog.us
From: 09sparky@gmail.com
To: pen-test@securityfocus.com
Subject: BlackBoard Academic Suite ?
Date: 28 Sep 2006 22:07:01 -0000
I will be trying to bypass Blackboard Academic Suite security for an
upcoming Penetration Test and was wondering if anyone has had resent sucess
with the later versions of Blackboard Academic Suite. I haven't been able
to probe for an exact versoin #, but my guess is that it is a recent
version. I have seen the posts on this site about CSS, but my guess is
they won't work for this client. Any suggestions , or links to exploits in
the wild?
Thanks,
Sparky
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
_________________________________________________________________
Be seen and heard with Windows Live Messenger and Microsoft LifeCams
http://clk.atdmt.com/MSN/go/msnnkwme0020000001msn/direct/01/?href=http://www.microsoft.com/hardware/digitalcommunication/default.mspx?locale=en-us&source=hmtagline
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
